Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 20, 2019
Business Email Compromise (BEC) continues to be a favourite attack vector for cybercriminals. Recently, a scammer successfully used the technique to trick the City of Saskatoon into wiring around $1.4 million to fraudulent accounts, mostly located in Canada. The scammer impersonated the Chief Financial Officer of Allan Construction to deceive city officials.
The past 24 hours also saw the discovery of new variants of the Bolik banking trojan and the MyKings botnet. While the new Bolik variant, dubbed Win32.Bolik.2, is distributed via a fake NordVPN site, the latest version of the MyKings botnet leverages a list of vulnerabilities to infect IoT devices.
On the vulnerability front, a security researcher at Google Project Zero has identified a new security flaw named SockPuppet that affects all iPhones and iPads that have been updated to iOS 12.4. The flaw can allow an attacker to take over almost any iPhone or iPad and install ransomware, spyware or any other malicious code.
Top Breaches Reported in the Last 24 Hours
Tivoli Gardens website compromised
The website of Tivoli Gardens was compromised, allowing hackers to gain access to Tivoli products and guests’ information. The compromised guest information included names, dates of birth, email addresses, phone numbers, addresses, previous purchases, as well as credit card details. Upon discovery, Tivoli’s IT department took immediate steps to secure the website.
Macon County website hacked
Macon County in Illinois had its Circuit Clerk official website hacked on August 18, 2019. The county’s Information Technology department restored the webpage by 10 am on August 19. The attackers had defaced the website with a graphic of a person in a Guy Fawkes mask.
Top Malware Reported in the Last 24 Hours
Win32.Bolik.2 trojan
Malicious actors are leveraging a fake NordVPN website to distribute a new variant of the Bolik banking trojan, dubbed Win32.Bolik.2. The variant is capable of performing web injections, intercepting traffic, and keylogging. The fake website has a valid SSL certificate issued by the open certificate authority Let’s Encrypt.
New MyKings botnet variant
Researchers have uncovered a new variant of the MyKings botnet that uses WMI for persistence. The variant had already attacked over 50,000 machines and mined the equivalent of US $2.3 million as of early 2018. In the months that followed, the variant repeatedly changed both its targets and its method of infection.
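The briefing notes that the new MyKings variant persists through WMI but does not name the subscription it creates. The following PowerShell is an added defender's check, not code from the Cyware briefing or from any MyKings analysis: it enumerates every permanent WMI event subscription on a Windows host (filter, consumer, and the binding that joins them) and flags the consumer types that can execute arbitrary commands or script. It assumes an elevated PowerShell 3+ session and makes no assumption about what the malware's filter or consumer is called, so it is a review aid rather than a signature.

```powershell
# Added example (not from the Cyware briefing or the MyKings research):
# list permanent WMI event subscriptions so an analyst can review each
# trigger (filter query) and what it fires (consumer payload).
# Requires an elevated session; the root/subscription namespace is where
# permanent subscriptions live on every Windows host.

$ns = 'root/subscription'

$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

# Consumer classes that run code when their filter fires; the other built-in
# consumers (event log, log file, SMTP) only write or send data.
$codeConsumers = @('CommandLineEventConsumer', 'ActiveScriptEventConsumer')

function Get-RefName($ref) {
    # Binding Filter/Consumer properties are key-only CimInstance references;
    # fall back to parsing the path string if a plain string is returned.
    if ($ref -is [Microsoft.Management.Infrastructure.CimInstance]) { return $ref.Name }
    if ("$ref" -match 'Name="([^"]+)"') { return $Matches[1] }
    return "$ref"
}

$report = foreach ($b in $bindings) {
    $fName = Get-RefName $b.Filter
    $cName = Get-RefName $b.Consumer
    $f = $filters   | Where-Object Name -eq $fName | Select-Object -First 1
    $c = $consumers | Where-Object Name -eq $cName | Select-Object -First 1
    $cType = if ($c) { $c.CimClass.CimClassName } else { 'MISSING' }

    # Pull the executable payload for the two code-running consumer types.
    $payload = switch ($cType) {
        'CommandLineEventConsumer'  { "$($c.ExecutablePath) $($c.CommandLineTemplate)".Trim() }
        'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
        default                     { '' }
    }

    [pscustomobject]@{
        Filter       = $fName
        Trigger      = if ($f) { $f.Query } else { 'MISSING' }
        ConsumerType = $cType
        Consumer     = $cName
        ExecutesCode = $codeConsumers -contains $cType
        Payload      = $payload
    }
}

# Code-executing bindings first; everything else follows for completeness.
$report | Sort-Object ExecutesCode -Descending | Format-List
```

A default Windows installation normally shows one binding, the SCM Event Log Filter tied to an NTEventLogEventConsumer, which will report ExecutesCode as False. Anything reporting True deserves a look at both the Trigger (a timer or process-start query is a common persistence pattern) and the Payload; a consumer that launches a script host or a binary from a user-writable path is the kind of entry to escalate.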
Beapy/PCASTLE malware
Security researchers have detected a new malware dubbed Beapy/PCASTLE that combines worm and cryptominer capabilities. The malware uses a series of exploits to move laterally and compromise victims’ machines. It is delivered via a potentially unwanted application (PUA).
Top Vulnerabilities Reported in the Last 24 Hours
SockPuppet flaw
A vulnerability dubbed SockPuppet has been identified in all iPhones and iPads updated to iOS 12.4. The flaw can allow an attacker to take over almost any iPhone or iPad and install ransomware, spyware or any other malicious code.
Vulnerable Webmin
A security flaw in Webmin can allow a remote attacker to execute malicious commands with root privileges on affected machines. Once these machines are compromised, an attacker could use them to launch attacks on the systems managed through Webmin. The flaw has been assigned the identifier CVE-2019-15107.
VLC Media Player 3.0.8 released
VideoLAN has released VLC Media Player 3.0.8 with fixes for 13 security vulnerabilities. The new version of VLC is available for Windows, Mac, and Linux. The majority of the flaws are buffer overflow vulnerabilities.
Flaws in Nest Cam IQ indoor camera
Security researchers have identified eight vulnerabilities that impact Google’s Nest Cam IQ indoor security cameras. The vulnerabilities would allow attackers to sniff out network information and execute code on the devices. Three of these vulnerabilities are DoS bugs, two could allow code execution, and the other three could be used for information disclosure.
Top Scams Reported in the Last 24 Hours
Sextortion scam
Pilfering money through sextortion scams has become the latest trend for cybercriminals. Here, the scammers email targeted users and threaten to release inappropriate videos or images of them to their contacts. These emails end with a demand for payment in Bitcoin. Such scams are distributed via botnets such as Necurs or Cutwail.
City of Saskatoon tricked
A scammer has tricked officials of the City of Saskatoon in a massive BEC scam. The scam caused the City to lose a little over $1 million. The scammer impersonated the Chief Financial Officer of Allan Construction and sent an email requesting that a payment be made around August 7 or 8. The city became aware of the scam on August 12 and traced the money to accounts used by the scammer.